Commit Graph

281 Commits

Author SHA1 Message Date
Wes Lambert
3113d5fbdb Format scan.exiftool as text 2020-11-02 19:31:14 +00:00
Wes Lambert
6420ee0310 Update parsing for scan.exiftool 2020-11-02 19:28:12 +00:00
William Wernert
3648e293a1 [fix] Add -L option to curl to respect redirects 2020-10-26 14:08:52 -04:00
weslambert
4765ef5f5c Change rule_ruleset to rule.ruleset 2020-10-20 22:14:23 -04:00
Wes Lambert
af9daa4d71 Intel mapping enforcement and winlog.version 2020-10-15 12:42:33 +00:00
Wes Lambert
54c4ee796f Rename file.flavors.mime to file.mime_type 2020-10-14 18:56:44 +00:00
Wes Lambert
3c820365ab Fix common pipeline field removal so won't fail for missing fields 2020-10-14 13:55:24 +00:00
Wes Lambert
14559b081d Ensure Zeek logs without ts field have an @timestamp field associated 2020-10-12 17:19:23 +00:00
Mike Reeves
f5cfd480a3 Moar encryptions 2020-10-12 09:12:36 -04:00
Mike Reeves
9695e63950 fix template statement 2020-10-11 17:21:57 -04:00
Mike Reeves
deb0f640d6 add jinja templates 2020-10-11 17:02:07 -04:00
Mike Reeves
b7c4fd94c4 get pipelines to load 2020-10-11 16:57:08 -04:00
Mike Reeves
271e40337b Enable jinja for tls 2020-10-11 10:57:04 -04:00
Mike Reeves
f6f9097cd9 Enable tls for 9200 on search capable nodes 2020-10-11 10:53:54 -04:00
Doug Burks
87574181d5 Add Community ID to pfsense filterlog #1501 2020-10-10 08:11:51 -04:00
Doug Burks
8d1ba1f4db fix pfsense firewall udp parsing 2020-10-10 07:38:47 -04:00
Doug Burks
9aa4112de1 Remove extra comma 2020-10-10 06:10:10 -04:00
Wes Lambert
28a1f7f88a Remove pfsense tag 2020-10-10 00:03:51 +00:00
Wes Lambert
b55ffa44f8 Fix module,dataset rename 2020-10-10 00:01:37 +00:00
Wes Lambert
69a04dedd3 Filterlog config changes 2020-10-09 23:56:52 +00:00
m0duspwnens
e7abbf19af fix templates not applying to searchnode. so-searchnode role doesn't exist; searchnodes are so-node role 2020-10-08 11:17:26 -04:00
Wes Lambert
a6d3dcf398 More fixes for rule field 2020-10-08 13:36:47 +00:00
Wes Lambert
a2e2f23a8d Add null safe check for rule 2020-10-08 13:14:39 +00:00
weslambert
5ada85942b Lowercase network.transport 2020-10-08 07:59:57 -04:00
Wes Lambert
7543144afe Don't use regex for determining rule type 2020-10-07 16:15:43 +00:00
Wes Lambert
015a441e79 Change rule.signature_info to rule.reference and ensure common.nids exists 2020-10-07 15:20:26 +00:00
Wes Lambert
f0a1457ffd Update common.nids 2020-10-07 15:14:08 +00:00
Wes Lambert
8c07c098f6 Pipeline cleanup 2020-10-06 20:14:15 +00:00
Wes Lambert
350cc41740 Let zeek.common handle common fields for zeek.tunnels 2020-10-06 20:12:23 +00:00
Wes Lambert
a6a69c57d1 Rename so-elasticsearch-templates to so-elasticsearch-templates-load 2020-10-06 17:18:42 +00:00
Wes Lambert
019bec992d Add Strelka YARA matches as alerts 2020-10-06 12:19:44 +00:00
weslambert
bc31e19e37 Put back rule.category for Wazuh alerts 2020-10-05 11:34:29 -04:00
Wes Lambert
77d31cb289 Add event.severity and event.severity_label config for Wazuh alerts 2020-10-05 12:50:29 +00:00
Josh Brower
8a78485906 Config Playbook SOC Alerts 2020-10-04 21:35:42 -04:00
Wes Lambert
02d2e5e2c6 Fix issue with null Zeek server IP 2020-09-30 17:53:30 +00:00
Wes Lambert
36019727b3 Ensure IPs are typed as IP and ports as integer 2020-09-29 18:20:15 +00:00
Wes Lambert
869767d9d9 Add initial parsing for Wazuh WEL/Sysmon 2020-09-28 19:04:21 +00:00
m0duspwnens
dd56d7d2d1 change how we determine the ip. run script on search and import nodes as well 2020-09-16 09:48:38 -04:00
weslambert
fbf037f460 Ensure templates are loaded for heavy nodes 2020-09-15 17:14:06 -04:00
Josh Patterson
ca26548b2c Merge pull request #1310 from Security-Onion-Solutions/issue/1281 (Issue/1281) 2020-09-10 10:08:25 -04:00
Doug Burks
24c325e9a1 Fix Elasticsearch parsing for Zeek Intel Indicator #1309 2020-09-10 06:41:19 -04:00
Josh Brower
c3b2d98ffb Add event.category to WEL 2020-09-10 06:15:30 -04:00
m0duspwnens
09cc8ae1fb fail the state if it isn't in top 2020-09-09 16:48:50 -04:00
m0duspwnens
a229ae82ce only allow state to run if it is in top for the node 2020-09-02 16:15:52 -04:00
Josh Brower
a79d0319cd Initial support for evtx import 2020-09-01 13:47:27 -04:00
Josh Brower
b7dd14b8f0 Set event.code to string for WEL 2020-08-28 13:40:04 -04:00
Josh Brower
1cf7301db4 Adds new .security analyzed subfield 2020-08-26 05:11:42 -04:00
Josh Brower
d4f7a07f85 Osquery Parsing fix 2020-08-18 15:54:11 -04:00
Mike Reeves
a3d8b7d0d3 Add watch statements 2020-08-14 09:40:38 -04:00
m0duspwnens
3387114389 Merge remote-tracking branch 'remotes/origin/dev' into issue/1049 2020-08-13 08:21:43 -04:00